Vulnerability-Lookup

CVE-2013-1177 (GCVE-0-2013-1177)

Vulnerability from cvelistv5 – Published: 2013-04-18 18:00 – Updated: 2024-09-17 00:16

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

http://tools.cisco.com/security/center/content/Ci…

vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130417 Cisco Network Admission Control Manager SQL Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-18T18:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130417 Cisco Network Admission Control Manager SQL Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130417 Cisco Network Admission Control Manager SQL Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1177",
    "datePublished": "2013-04-18T18:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-17T00:16:45.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.8.3\", \"matchCriteriaId\": \"B71D2DEF-D07C-4B35-B296-6E9330B4D2CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5799E92B-6742-4AC2-ACF9-39398671EDE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22C408C8-0415-4AAD-BBC8-EDD7A8AAD6F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5860E05-8DA2-48CE-85EE-1A8FA19545D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E78679FF-8AFB-4119-A2E0-2AB8FCBB3A92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEB3F516-D190-4987-ABAF-D2D4229AF03E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n SQL en Network Admission Control Manager Cisco (NAC) antes de v4.8.3.1 y v4.9.x antes de v4.9.2 permite a atacantes remotos ejecutar comandos SQL a trav\\u00e9s de vectores no especificados, tambi\\u00e9n conocido como Bug ID CSCub23095.\"}]",
      "id": "CVE-2013-1177",
      "lastModified": "2024-11-21T01:49:03.213",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-04-18T18:55:06.910",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-1177\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2013-04-18T18:55:06.910\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en Network Admission Control Manager Cisco (NAC) antes de v4.8.3.1 y v4.9.x antes de v4.9.2 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCub23095.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.8.3\",\"matchCriteriaId\":\"B71D2DEF-D07C-4B35-B296-6E9330B4D2CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5799E92B-6742-4AC2-ACF9-39398671EDE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22C408C8-0415-4AAD-BBC8-EDD7A8AAD6F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5860E05-8DA2-48CE-85EE-1A8FA19545D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E78679FF-8AFB-4119-A2E0-2AB8FCBB3A92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB3F516-D190-4987-ABAF-D2D4229AF03E\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2013-1177

Vulnerability from fkie_nvd - Published: 2013-04-18 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	network_admission_control_manager_and_server_system_software	*
cisco	network_admission_control_manager_and_server_system_software	4.8.0
cisco	network_admission_control_manager_and_server_system_software	4.8.1
cisco	network_admission_control_manager_and_server_system_software	4.8.2
cisco	network_admission_control_manager_and_server_system_software	4.9.0
cisco	network_admission_control_manager_and_server_system_software	4.9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71D2DEF-D07C-4B35-B296-6E9330B4D2CC",
              "versionEndIncluding": "4.8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5799E92B-6742-4AC2-ACF9-39398671EDE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C408C8-0415-4AAD-BBC8-EDD7A8AAD6F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5860E05-8DA2-48CE-85EE-1A8FA19545D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E78679FF-8AFB-4119-A2E0-2AB8FCBB3A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB3F516-D190-4987-ABAF-D2D4229AF03E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en Network Admission Control Manager Cisco (NAC) antes de v4.8.3.1 y v4.9.x antes de v4.9.2 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCub23095."
    }
  ],
  "id": "CVE-2013-1177",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-18T18:55:06.910",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2013-1177

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-1177

Aliases

CVE-2013-1177

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-1177",
    "description": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.",
    "id": "GSD-2013-1177"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-1177"
      ],
      "details": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.",
      "id": "GSD-2013-1177",
      "modified": "2023-12-13T01:22:20.714124Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2013-1177",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130417 Cisco Network Admission Control Manager SQL Injection Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1177"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130417 Cisco Network Admission Control Manager SQL Injection Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-04-19T04:00Z",
      "publishedDate": "2013-04-18T18:55Z"
    }
  }
}

CERTA-2013-AVI-260

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco NAC Manager. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	N/A	Cisco NAC Manager versions antérieures à 4.8.3.1
	Cisco	N/A	Cisco NAC Manager versions antérieures à 4.9.2

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20130417-nac du 17 avril 2013	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20130417-nac du 17 avril 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco NAC Manager versions ant\u00e9rieures \u00e0 4.8.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NAC Manager versions ant\u00e9rieures \u00e0 4.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-1177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1177"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130417-nac du 17    avril 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
    }
  ],
  "reference": "CERTA-2013-AVI-260",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco NAC\nManager\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco NAC Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130417-nac du 17 avril 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-260

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Cisco NAC Manager. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	N/A	Cisco NAC Manager versions antérieures à 4.8.3.1
	Cisco	N/A	Cisco NAC Manager versions antérieures à 4.9.2

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20130417-nac du 17 avril 2013	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20130417-nac du 17 avril 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco NAC Manager versions ant\u00e9rieures \u00e0 4.8.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NAC Manager versions ant\u00e9rieures \u00e0 4.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-1177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1177"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130417-nac du 17    avril 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
    }
  ],
  "reference": "CERTA-2013-AVI-260",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco NAC\nManager\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco NAC Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130417-nac du 17 avril 2013",
      "url": null
    }
  ]
}

VAR-201304-0288

Vulnerability from variot - Updated: 2023-12-18 13:49

SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. Vendors have confirmed this vulnerability Bug ID CSCub23095 It is released as.By any third party SQL The command may be executed. Authentication is not required to exploit this vulnerability.The specific flaw is in the handling of sortColumn URL parameters when constructing SQL database queries. By specially crafting URL parameters, it is possible to influence the SQL queries to gain remote code execution on the affected system. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database and execute arbitrary code. This issue is tracked by Cisco BugID CSCub23095

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201304-0288",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "network admission control manager and server system software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.9.0"
      },
      {
        "model": "network admission control manager and server system software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.8.0"
      },
      {
        "model": "network admission control manager and server system software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.9.1"
      },
      {
        "model": "network admission control manager and server system software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.8.1"
      },
      {
        "model": "network admission control manager and server system software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.8.2"
      },
      {
        "model": "clean access manager",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "network admission control manager and server system software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.8.3"
      },
      {
        "model": "network admission control manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.9.2"
      },
      {
        "model": "network admission control manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.9.x"
      },
      {
        "model": "network admission control manager and server system software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.8.3"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.9"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.8.2"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.8.1"
      },
      {
        "model": "network admission control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.8.0"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-066"
      },
      {
        "db": "BID",
        "id": "59271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-419"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1177"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nenad Stojanovski",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-066"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2013-1177",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-1177",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 1.4,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2013-1177",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-61179",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-1177",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2013-1177",
            "trust": 1.4,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201304-419",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-61179",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-419"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. Vendors have confirmed this vulnerability Bug ID CSCub23095 It is released as.By any third party SQL The command may be executed. Authentication is not required to exploit this vulnerability.The specific flaw is in the handling of sortColumn URL parameters when constructing SQL database queries. By specially crafting URL parameters, it is possible to influence the SQL queries to gain remote code execution on the affected system. \nAn attacker can exploit this  issue by manipulating the SQL query logic   to carry out unauthorized  actions on the underlying database and  execute arbitrary code. \nThis issue is tracked by Cisco BugID CSCub23095",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-066"
      },
      {
        "db": "BID",
        "id": "59271"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61179"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-1177",
        "trust": 4.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1535",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-067",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1536",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-066",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-419",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20130417 CISCO NETWORK ADMISSION CONTROL MANAGER SQL INJECTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "53130",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "59271",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-61179",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61179"
      },
      {
        "db": "BID",
        "id": "59271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-419"
      }
    ]
  },
  "id": "VAR-201304-0288",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61179"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:49:06.944000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20130417-nac",
        "trust": 2.2,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130417-nac"
      },
      {
        "title": "28928",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=28928"
      },
      {
        "title": "cisco-sa-20130417-nac",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/111/1117/1117759_cisco-sa-20130417-nac-j.html"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1177"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130417-nac"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1177"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1177"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/53130"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6128/index.html"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61179"
      },
      {
        "db": "BID",
        "id": "59271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-419"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61179"
      },
      {
        "db": "BID",
        "id": "59271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-419"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "date": "2013-05-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-066"
      },
      {
        "date": "2013-04-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61179"
      },
      {
        "date": "2013-04-17T00:00:00",
        "db": "BID",
        "id": "59271"
      },
      {
        "date": "2013-04-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      },
      {
        "date": "2013-04-18T18:55:06.910000",
        "db": "NVD",
        "id": "CVE-2013-1177"
      },
      {
        "date": "2013-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201304-419"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-067"
      },
      {
        "date": "2013-05-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-066"
      },
      {
        "date": "2013-04-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61179"
      },
      {
        "date": "2013-05-13T11:12:00",
        "db": "BID",
        "id": "59271"
      },
      {
        "date": "2013-04-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      },
      {
        "date": "2013-04-19T04:00:00",
        "db": "NVD",
        "id": "CVE-2013-1177"
      },
      {
        "date": "2013-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201304-419"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-419"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Network Admission Control Manager In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002414"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-419"
      }
    ],
    "trust": 0.6
  }
}

GHSA-572W-GRX8-4CG2

Vulnerability from github – Published: 2022-05-17 05:11 – Updated: 2022-05-17 05:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-1177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-04-18T18:55:00Z",
    "severity": "HIGH"
  },
  "details": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.",
  "id": "GHSA-572w-grx8-4cg2",
  "modified": "2022-05-17T05:11:14Z",
  "published": "2022-05-17T05:11:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1177"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-1177 (GCVE-0-2013-1177)

FKIE_CVE-2013-1177

GSD-2013-1177

CERTA-2013-AVI-260

Solution

CERTA-2013-AVI-260

Solution

VAR-201304-0288

GHSA-572W-GRX8-4CG2

Tags

Sightings

Nomenclature